[El-errata] ELSA-2025-20270 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Apr 16 22:51:39 UTC 2025


Oracle Linux Security Advisory ELSA-2025-20270

http://linux.oracle.com/errata/ELSA-2025-20270.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-307.178.5.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-307.178.5.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-307.178.5.el9uek.x86_64.rpm



SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-307.178.5.el9uek.src.rpm

Related CVEs:

CVE-2024-35972
CVE-2024-40919
CVE-2024-41079
CVE-2024-44984
CVE-2024-46842
CVE-2024-50155
CVE-2024-50215
CVE-2024-53209
CVE-2024-53213
CVE-2024-56656
CVE-2024-56660
CVE-2024-56760




Description of changes:

[5.15.0-307.178.5.el9uek]
- net/mlx5: DR, prevent potential error pointer dereference (Dan Carpenter)  [Orabug: 37434242]  {CVE-2024-56660}
- uek-rpm: Set CONFIG_IP6_NF_IPTABLES for ol9/ol8 container kernels (Jonah Palmer)  [Orabug: 37703179]
- net: hsr: fix fill_frame_info() regression vs VLAN packets (Eric Dumazet) 
- f2fs: Introduce linear search for dentries (Daniel Lee) 
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande) 
- net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel) 
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (Andrew Cooper) 
- sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Høiland-Jørgensen) 
- usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) 
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (Juergen Gross) 
- x86/xen: add FRAME_END to xen_hypercall_hvm() (Juergen Gross) 
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao) 
- usb: dwc3: Set SUSPENDENABLE soon after phy init (Thinh Nguyen) 
- Revert "btrfs: avoid monopolizing a core when activating a swap file" (Koichiro Den) 
- Revert "media: uvcvideo: Require entities to have a non-zero unique ID" (Thadeu Lima de Souza Cascardo) 
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang)

[5.15.0-307.178.4.el9uek]
- LTS version: v5.15.178 (Vijayendra Suman)
- Input: xpad - add support for wooting two he (arm) (Jack Greiner)
- Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto)
- Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson)
- ALSA: usb-audio: Add delay quirk for USB Audio Device (Lianqin Hu)
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz)
- wifi: iwlwifi: add a few rate index validity checks (Anjaneyulu)
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (Easwar Hariharan)
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (Ido Schimmel)
- platform/chrome: cros_ec_typec: Check for EC driver (Akihiko Odaki)
- fs/ntfs3: Additional check in ntfs_file_release (Konstantin Komarov)
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (Luiz Augusto von Dentz)
- Bluetooth: SCO: Fix not validating setsockopt user input (Luiz Augusto von Dentz)
- vfio/platform: check the bounds of read/write syscalls (Alex Williamson)
- net: sched: fix ets qdisc OOB Indexing (Jamal Hadi Salim)
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher)
- mptcp: don't always assume copied data in mptcp_cleanup_rbuf() (Paolo Abeni)
- regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav)
- ASoC: samsung: Add missing depends on I2C (Charles Keepax)
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons)
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang)
- seccomp: Stub for !CONFIG_SECCOMP (Linus Walleij)
- ASoC: samsung: Add missing selects for MFD_WM8994 (Charles Keepax)
- ASoC: wm8994: Add depends on MFD core (Charles Keepax)

[5.15.0-307.177.3.el9uek]
- jbd2: increase maximum transaction size (Jan Kara)  [Orabug: 37688920]
- net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled (Carolina Jubran)  [Orabug: 37534698]
- net/mlx5e: Always start IPsec sequence number from 1 (Leon Romanovsky)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: Add support for clock_measure performance block (Shravan Kumar Ramani)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: Add support for monitoring cycle count (Shravan Kumar Ramani)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: incorrect type in assignment (Pei Xiao)  [Orabug: 37534698]
- net/mlx5e: Disable loopback self-test on multi-PF netdev (Carolina Jubran)  [Orabug: 37534698]
- net/mlx5: Unregister notifier on eswitch init failure (Cosmin Ratiu)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling (Michal Wilczynski)  [Orabug: 37534698]
- net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (Jianbo Liu)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: fix lockdep warning (Luiz Capitulino)  [Orabug: 37534698]
- net/mlx5: Fix bridge mode operations when there are no VFs (Benjamin Poirier)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: Add hw_reset() support for BlueField-3 SoC (Liming Sun)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: add dwcmshc_pltfm_data (Chen Wang)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: factor out code into dwcmshc_rk35xx_init (Chen Wang)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: factor out code for th1520_init() (Chen Wang)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: move two rk35xx functions (Chen Wang)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: add common bulk optional clocks support (Chen Wang)  [Orabug: 37534698]
- net/mlx5e: Take state lock during tx timeout reporter (Dragos Tatulea)  [Orabug: 37534698]
- net/mlx5: SD, Do not query MPIR register if no sd_group (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: Always drain health in shutdown callback (Shay Drory)  [Orabug: 37534698]
- mmc: dw_mmc-bluefield: Add support for eMMC HW reset (Liming Sun)  [Orabug: 37534698]
- mmc: dw_mmc: Add support for platform specific eMMC HW reset (Liming Sun)  [Orabug: 37534698]
- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (Dragos Tatulea)  [Orabug: 37534698]
- net/mlx5e: SHAMPO, Fix incorrect page release (Dragos Tatulea)  [Orabug: 37534698]
- net/mlx5: Do not query MPIR on embedded CPU function (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: Reload only IB representors upon lag disable/enable (Maher Sanalla)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: Add tuning support for Sophgo CV1800B and SG200X (Jisheng Zhang)  [Orabug: 37534698]
- macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst (Rahul Rameshbabu)  [Orabug: 37534698]
- macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads (Rahul Rameshbabu)  [Orabug: 37534698]
- net/mlx5e: Prevent deadlock while disabling aRFS (Carolina Jubran)  [Orabug: 37534698]
- net/mlx5e: Use channel mdev reference instead of global mdev instance for coalescing (Rahul Rameshbabu)  [Orabug: 37534698]
- net/mlx5: SD, Handle possible devcom ERR_PTR (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: Disallow SRIOV switchdev mode when in multi-PF netdev (Tariq Toukan)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: Implement SDHCI CQE support (Sergey Khimich)  [Orabug: 37534698]
- mmc: cqhci: Add cqhci set_tran_desc() callback (Sergey Khimich)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: fix signedness bugs (Dan Carpenter)  [Orabug: 37534698]
- net/mlx5e: Create EN core HW resources for all secondary devices (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5e: Create single netdev per SD group (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: SD, Add debugfs (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: SD, Add informative prints in kernel log (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: SD, Implement steering for primary and secondaries (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: SD, Implement devcom communication and primary election (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: SD, Implement basic query and instantiation (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: SD, Introduce SD lib (Tariq Toukan)  [Orabug: 37534698]
- net/mlx5: Add MPIR bit in mcam_access_reg (Tariq Toukan)  [Orabug: 37534698]
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (David Gow)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: Ignore unsupported performance blocks (Luiz Capitulino)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: mlxbf_pmc_event_list(): make size ptr optional (Luiz Capitulino)  [Orabug: 37534698]
- mmc: sdhci-of-dwcmshc: Add support for Sophgo CV1800B and SG2002 (Jisheng Zhang)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: Cleanup signed/unsigned mix-up (Shravan Kumar Ramani)  [Orabug: 37534698]
- platform/mellanox: mlxbf-pmc: Replace uintN_t with kernel-style types (Shravan Kumar Ramani)  [Orabug: 37534698]
- net: macsec: revert the MAC address if mdo_upd_secy fails (Radu Pirea (NXP OSS))  [Orabug: 37534698]
- net: macsec: documentation for macsec_context and macsec_ops (Radu Pirea (NXP OSS))  [Orabug: 37534698]
- fortify: Do not cast to "unsigned char" (Kees Cook)  [Orabug: 37534698]
- fortify: Use SIZE_MAX instead of (size_t)-1 (Kees Cook)  [Orabug: 37534698]
- fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (Kees Cook)  [Orabug: 37534698]
- mmc: dw_mmc: Add driver callbacks for data read timeout (Mårten Lindahl)  [Orabug: 37534698]
- mmc: dw_mmc-exynos: Add support for ARTPEC-8 (Mårten Lindahl)  [Orabug: 37534698]
- mmc: dw_mmc: clean up a debug message (Dan Carpenter)  [Orabug: 37534698]
- mmc: dw_mmc: exynos: use common_caps (John Keeping)  [Orabug: 37534698]
- mmc: dw_mmc: add common capabilities to replace caps (John Keeping)  [Orabug: 37534698]
- mmc: dw_mmc: Allow lower TMOUT value than maximum (Mårten Lindahl)  [Orabug: 37534698]
- rds: Make sure transmit path and connection tear-down does not run concurrently (Håkon Bugge)  [Orabug: 36441944]
- ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt)  [Orabug: 36252756]
- ice: virtchnl rss hena support (Md Fahad Iqbal Polash)  [Orabug: 36252756]
- ice: Add support Flex RXD (Michal Jaron)  [Orabug: 36252756]

[5.15.0-307.177.2.el9uek]
- uek-rpm: Enable CONFIG_MICROSOFT_MANA as module in aarch64 (Vijayendra Suman)  [Orabug: 37647393]
- rtc: add new RTC_FEATURE_ALARM_WAKEUP_ONLY feature (Alexandre Belloni)  [Orabug: 37631796]
- thermal: core: Drop excessive lockdep_assert_held() calls (Rafael J. Wysocki)  [Orabug: 37631796]
- thermal: core: Introduce thermal_cooling_device_update() (Rafael J. Wysocki)  [Orabug: 37631796]
- thermal: core: Introduce thermal_cooling_device_present() (Rafael J. Wysocki)  [Orabug: 37631796]
- thermal: sysfs: Reuse cdev->max_state (Viresh Kumar)  [Orabug: 37631796]
- rtc: efi: Enable SET/GET WAKEUP services as optional (Shanker Donthineni)  [Orabug: 37631796]
- rtc: efi: Add wakeup support (Riwen Lu)  [Orabug: 37631796]
- rtc: efi: switch to RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni)  [Orabug: 37631796]
- rtc: add BSM parameter (Alexandre Belloni)  [Orabug: 37631796]
- rtc: add correction parameter (Alexandre Belloni)  [Orabug: 37631796]
- rtc: add parameter ioctl (Alexandre Belloni)  [Orabug: 37631796]
- rtc: expose correction feature (Alexandre Belloni)  [Orabug: 37631796]
- rtc: add alarm related features (Alexandre Belloni)  [Orabug: 37631796]
- rtc: efi: switch to devm_rtc_allocate_device (Alexandre Belloni)  [Orabug: 37631796]
- cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao)  [Orabug: 37621589]
- rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (Håkon Bugge)  [Orabug: 37586089]
- bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (Michael Chan)  [Orabug: 37434220]  {CVE-2024-56656}
- bnxt_en: Fix receive ring space parameters when XDP is active (Shravya KN)  [Orabug: 37433562]  {CVE-2024-53209}
- bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (Aleksandr Mishin)  [Orabug: 37070333]  {CVE-2024-40919}
- bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (Vikas Gupta)  [Orabug: 37070270]  {CVE-2024-35972}
- bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (Somnath Kotur)  [Orabug: 37070266]  {CVE-2024-44984}

[5.15.0-307.177.1.el9uek]
- nvmet: always initialize cqe.result (Daniel Wagner) [Orabug: 36897348] {CVE-2024-41079}
- nvmet-auth: complete a request only after freeing the dhchap pointers (Maurizio Lombardi) [Orabug: 36897348] {CVE-2024-41079}
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Justin Tee) [Orabug: 37116505] {CVE-2024-46842}
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (Eric Dumazet) [Orabug: 37264120] {CVE-2024-50155}
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (Vitaliy Shevtsov) [Orabug: 37268555] {CVE-2024-50215}
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (Oleksij Rempel) [Orabug: 37433573] {CVE-2024-53213}
- PCI/MSI: Handle lack of irqdomain gracefully (Thomas Gleixner) [Orabug: 37452651] {CVE-2024-56760}
- selftests: rtnetlink: update netdevsim ipsec output format (Hangbin Liu) [Orabug: 37547931]
- netdevsim: print human readable IP address (Hangbin Liu) [Orabug: 37547931]
- uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619141]
- Add __init annotation to pensando_efi_mem_reserve (Joseph Dobosenski) [Orabug: 37619785]



